Hallo,

If i understand this correctly i can only use scopes if the Passport package is installed in my client application, and not if the Passport lives in a separate Laravel application (Auth Server)

Route::get('/orders', function () {
    // Access token has both "check-status" and "place-orders" scopes...
})->middleware('scopes:check-status,place-orders');

I googled quit a bit about this "problem" but no real suggestions or "correct" ways to follow.

Right now i have my Clinet App where i have API Routes like:

post: /vouchers get: /vouchers/ABC12345

and so on this are all protected by my custome middleware (voucher-auth).

The Middleware checks if there is a User in my redis with an access_token that is given to the server by a Cookie. If there is no User in the redis cached, then it makes a HTTP Request to auth.mydomain.com/me This is my Auth Server. The /me Route is protected by passports auth:api middleware so from there Larave Passport checks if the Bearer token is correct and if he finds a User it will be returned and Cached in my Client App.

Im not even quit sure how good this solution but this is the best i could come up with.

The problem is i dont know how to go with the Permissions. Cause is i said the Routes Live in the Clinet App.